bbAntiSpam: Discuss how to stop web spam

The forum is retired.

bbAntiSpam Forum Index - Textual Confirmation - Security query

Author Message
Guest






Posted: Sun Feb 11, 2007 12:48 pm    Post subject: Security query  

Hi,

I'm interested in using your mod - so downloaded it and had a quick look. I notice that you set a server path in a variable instead of in a constant and wondered if this was perhaps a security problem:

$phpbb_root_path = "./../";

Could a hacker pass in their own path (to an external site) via GET to compromise the server?

Jimbo
admin
Site Admin


Joined: 18 Apr 2006
Posts: 805
Location: Saint-Petersburg, Russia

Posted: Mon Feb 12, 2007 4:34 am    Post subject:  

Hi!

Don't worry, everything is ok here.

It isn't a use of variable, it's an assignment to the variable. And all the following uses of the variable will use the assigned value, which is constant.

This code is used everywhere in phpBB. See, for example, the file "viewtopic.php".
_________________
Oleg Parashchenko, bbAntiSpam
Do you love our tools? Please sponsor further development!
Guest






Posted: Mon Feb 12, 2007 6:14 pm    Post subject:  

Ok - thanks for the positive reply.

All the best,
Jim

Ok.